Menu

Explore our services

Case Studies
Blog
About
Careers
Contact
Get a Demo

Contact Us

info@atlasbusinesssoftware.com
+91 9998134210
504, 5th Floor, A Wing, Ratnaakar Nine Square,
Opp. Keshavbaug Party Plot,
Vastrapur, Ahmedabad,
Gujarat - 380015

Data Processing Addendum (DPA)

Last Updated: November 20, 2024

Need a Signed DPA?

If you require a signed Data Processing Addendum for GDPR or other compliance requirements, please contact our legal team.

Request Signed DPA

1. Definitions

In this Data Processing Addendum ("DPA"):

  • "Data Controller" means the Customer who determines the purposes and means of processing Personal Data
  • "Data Processor" means Atlas Business Software, processing Personal Data on behalf of the Controller
  • "Personal Data" has the meaning given in applicable Data Protection Laws
  • "Data Protection Laws" means GDPR and other applicable data protection regulations
  • "GDPR" means Regulation (EU) 2016/679

2. Scope and Application

This DPA applies to the extent that Atlas Business Software processes Personal Data on behalf of the Customer in providing the Services. This DPA forms part of and is incorporated into the Master Services Agreement or Terms of Service.

3. Data Processing

Atlas Business Software shall:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure persons authorized to process Personal Data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Not engage sub-processors without prior authorization
  • Assist the Controller in responding to data subject requests
  • Delete or return Personal Data upon termination

4. Security Measures

Atlas Business Software implements appropriate technical and organizational measures including:

  • Encryption of Personal Data at rest and in transit
  • Regular security testing and monitoring
  • Access controls and authentication mechanisms
  • Incident response procedures
  • Regular staff training on data protection

5. Sub-Processors

The Controller authorizes Atlas Business Software to engage sub-processors for processing activities. Current sub-processors include:

  • Cloud infrastructure providers (AWS, Google Cloud, Azure)
  • Monitoring and analytics services
  • Customer support platforms

We will notify the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the opportunity to object.

6. Data Subject Rights

Atlas Business Software will assist the Controller in fulfilling its obligations to respond to requests from data subjects exercising their rights under Data Protection Laws, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object

7. Data Breach Notification

Atlas Business Software will notify the Controller without undue delay upon becoming aware of a Personal Data breach affecting the Controller's data. We will provide:

  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

8. Data Protection Impact Assessment

Atlas Business Software will provide reasonable assistance to the Controller in conducting Data Protection Impact Assessments and consulting with supervisory authorities where required.

9. International Data Transfers

Where Personal Data is transferred outside the EEA, Atlas Business Software ensures appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

10. Audits

Atlas Business Software shall make available to the Controller information necessary to demonstrate compliance with obligations under this DPA and allow for audits, including inspections, by the Controller or an auditor mandated by the Controller.